All of lore.kernel.org
 help / color / mirror / Atom feed
From: Reinette Chatre <reinette.chatre@intel.com>
To: Jarkko Sakkinen <jarkko@kernel.org>, <linux-sgx@vger.kernel.org>
Cc: Nathaniel McCallum <nathaniel@profian.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	"Ingo Molnar" <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
	<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
	"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" 
	<linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH v2.1 14/30] x86/sgx: Support restricting of enclave page permissions
Date: Wed, 9 Mar 2022 11:10:07 -0800	[thread overview]
Message-ID: <a79df871-5c7c-ff25-1cdf-508750c8d802@intel.com> (raw)
In-Reply-To: <5e89a3be-0760-b1b4-7693-2f3d9ac5066b@intel.com>

Hi Jarkko,

Apologies, after thinking about this more I believe that I misunderstood
your proposal in my original answer.

On 3/9/2022 8:59 AM, Reinette Chatre wrote:
> Hi Jarkko,
> 
> On 3/9/2022 1:35 AM, Jarkko Sakkinen wrote:
>> On Wed, Mar 09, 2022 at 10:52:22AM +0200, Jarkko Sakkinen wrote:
>>> On Fri, Mar 04, 2022 at 11:35:08AM +0200, Jarkko Sakkinen wrote:
>>>> +#define SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS \
>>>> +	_IOWR(SGX_MAGIC, 0x05, struct sgx_enclave_restrict_perm)
>>>
>>> What if this was replaced with just SGX_IOC_ENCLAVE_RESET_PAGES, which
>>> would simply do EMODPR with PROT_NONE? The main ingredient of EMODPR is to
>>> flush out the TLB's, and move a page to pending state, which cannot be done
>>> from inside the enclave.

Why not keep the flexibility of supporting all permission restrictions?

It is already possible to call SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS with PROT_NONE, no?

> I see the main ingredient as running EMODPR to restrict the EPCM permissions. If
> the user wants to use SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS just to flush TLB it is
> already possible since attempting to use EMODPR to relax permissions does not
> change any permissions (although it still sets EPCM.PR) but yet will still
> flush the TLB.
> 
> Even so, you have a very good point that removing SGX_IOC_ENCLAVE_RELAX_PERMISSIONS
> removes the ability for users to flush the TLB after an EMODPE. If there are
> thus PTEs present at the time the user runs EMODPE the pages would not be
> accessible with the new permissions.
> 
> Repurposing SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS with PROT_NONE to accomplish
> this is not efficient because:
> - For the OS to flush the TLB the enclave pages need not be in the EPC but
>   in order to run EMODPR the enclave page needs to be in the EPC. In an 
>   oversubscribed environment running EMODPR unnecessarily can thus introduce
>   a significant delay. Please see the performance comparison I did in
>   https://lore.kernel.org/linux-sgx/77e81306-6b03-4b09-2df2-48e09e2e79d5@intel.com/
>   The test shows that running EMODPR unnecessarily can be orders of magnitude slower.
> - Running EMODPR on an enclave page sets the EPCM.PR bin in the enclave page
>   that needs to be cleared with an EACCEPT from within the enclave.
>   If the user just wants to reset the TLB after running EMODPE then it should
>   not be necessary to run EACCEPT again to reset EPCM.PR.
> 
> Resetting the TLB is exactly what SGX_IOC_ENCLAVE_RELAX_PERMISSIONS did in an 
> efficient way - it is quick (no need to load pages into EPC) and it does not
> require EACCEPT to clear EPCM.PR. 
> 
> It looks like we need SGX_IOC_ENCLAVE_RELAX_PERMISSIONS back. We could
> rename it to SGX_IOC_ENCLAVE_RESET_PAGES if you prefer.
> 
>>> It's there because of microarchitecture constraints, and less so to work as
>>> a reasonable permission control mechanism (actually it does terrible job on
>>> that side and only confuses).
>>>
>>> Once you have this magic TLB reset button in place you can just do one
>>> EACCEPT and EMODPE inside the enclave and you're done.
>>>
>>> This is also kind of atomic in the sense that EACCEPT free's a page with no
>>> rights so no misuse can happend before EMODPE has tuned EPCM.
>>
>> I wonder if this type of pattern could be made work out for Graphene:
>>
>> 1. SGX_IOC_ENCLAVE_RESET_PAGES
>> 2. EACCEPT + EMODPE
>>
>> This kind of delivers EMODP that everyone has been looking for.
> 

As I understand it this is currently possible with
SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS.

Reinette


  reply	other threads:[~2022-03-09 19:10 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-04  9:34 [RFC PATCH v2.1 01/30] x86/sgx: Add short descriptions to ENCLS wrappers Jarkko Sakkinen
2022-03-04  9:34 ` [RFC PATCH v2.1 02/30] x86/sgx: Add wrapper for SGX2 EMODPR function Jarkko Sakkinen
2022-03-04  9:34 ` [RFC PATCH v2.1 03/30] x86/sgx: Add wrapper for SGX2 EMODT function Jarkko Sakkinen
2022-03-04  9:34 ` [RFC PATCH v2.1 04/30] x86/sgx: Add wrapper for SGX2 EAUG function Jarkko Sakkinen
2022-03-04  9:34 ` [RFC PATCH v2.1 05/30] Documentation/x86: Document SGX permission details Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 06/30] x86/sgx: Support VMA permissions more relaxed than enclave permissions Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 07/30] x86/sgx: Add pfn_mkwrite() handler for present PTEs Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 08/30] x86/sgx: Export sgx_encl_ewb_cpumask() Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 09/30] x86/sgx: Rename sgx_encl_ewb_cpumask() as sgx_encl_cpumask() Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 10/30] x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 11/30] x86/sgx: Make sgx_ipi_cb() available internally Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 12/30] x86/sgx: Create utility to validate user provided offset and length Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 13/30] x86/sgx: Keep record of SGX page type Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 14/30] x86/sgx: Support restricting of enclave page permissions Jarkko Sakkinen
2022-03-09  8:52   ` Jarkko Sakkinen
2022-03-09  9:35     ` Jarkko Sakkinen
2022-03-09 16:59       ` Reinette Chatre
2022-03-09 19:10         ` Reinette Chatre [this message]
2022-03-09 23:35         ` Jarkko Sakkinen
2022-03-09 23:42           ` Jarkko Sakkinen
2022-03-10  0:11             ` Reinette Chatre
2022-03-10  0:10           ` Reinette Chatre
2022-03-10  2:02             ` Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 15/30] selftests/sgx: Add test for EPCM permission changes Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 16/30] selftests/sgx: Add test for TCS page " Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 17/30] x86/sgx: Support adding of pages to an initialized enclave Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 18/30] x86/sgx: Tighten accessible memory range after enclave initialization Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 19/30] selftests/sgx: Test two different SGX2 EAUG flows Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 20/30] x86/sgx: Support modifying SGX page type Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 21/30] x86/sgx: Support complete page removal Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 22/30] Documentation/x86: Introduce enclave runtime management section Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 23/30] selftests/sgx: Introduce dynamic entry point Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 24/30] selftests/sgx: Introduce TCS initialization enclave operation Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 25/30] selftests/sgx: Test complete changing of page type flow Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 26/30] selftests/sgx: Test faulty enclave behavior Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 27/30] selftests/sgx: Test invalid access to removed enclave page Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 28/30] selftests/sgx: Test reclaiming of untouched page Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 29/30] x86/sgx: Free up EPC pages directly to support large page ranges Jarkko Sakkinen
2022-03-04  9:35 ` [RFC PATCH v2.1 30/30] selftests/sgx: Page removal stress test Jarkko Sakkinen
2022-03-04  9:40 ` [RFC PATCH v2.1 01/30] x86/sgx: Add short descriptions to ENCLS wrappers Jarkko Sakkinen
2022-03-04  9:41   ` Jarkko Sakkinen
2022-03-14 19:04 ` Dave Hansen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a79df871-5c7c-ff25-1cdf-508750c8d802@intel.com \
    --to=reinette.chatre@intel.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jarkko@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-sgx@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=nathaniel@profian.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.